Malware Kovter spreads through fake updates for browsers

Attackers use advertisements on PornHub to redirect victims to a fraudulent resource offering to download an update for the browser.Researchers of the company Proofpointreporteda new malicious campaign, in which the group, baptized by experts from KovCoreG, distributes multifunctional malware Kovter through fake browser updates or updates for Adobe Flash.
In order to infect computers of users, attackers use malicious advertising banners on PornHub to redirect victims to a fraudulent resource offering to download an update for the browser. Depending on the Internet browser you are using, various notifications appear on the screen.
For example, users of Chrome and Firefox see a message with a recommendation to download an update for the corresponding browser, and users of Microsoft Internet Explorer and Edge are offered to download the update for Flash.
After downloading updates to the device users downloaded malware Kovter - a multifunctional downloader, capable of downloading malicious adware, extortion software, infostiles, and other malware. KovCoreG used filters to track the geolocation of victims and attacked only users in the UK, the US, Australia and Canada.
The researchers informed the management of Pornhub and the advertising network Traffic Junky, which belonged to compromised banners. Both companies have already removed the malicious ads, however, according to experts, the group will not cease its activity and will soon "pop up" somewhere else on the Web.